[lacnog] Signing of the ARPA zone

Edgardo Leal edgardo_leal en hotmail.com
Mar Mar 23 17:12:52 BRT 2010 

hola creo ke se estan ekivocando con sus mails.... me han esatad mandando una informacion que desconosco y ke no me interesa:)



 


 

> From: Joao en c-l-i.net
> To: lacnog en lacnic.net
> Date: Mon, 22 Mar 2010 18:03:06 -0700
> Subject: Re: [lacnog] Signing of the ARPA zone
> 
> no hay mucho que decir, la verdad.
> La zona .arpa del DNS está ahora firmada con DNSSEC y se está 
> trabajando en limpiar la estructura de delegaciones en arpa para a 
> continuación firmar con DNSSEC las zonas contenidas en arpa (por 
> ejemplo in-addr.arpa, ip6.arpa, etc), e164.arpa ya está firmada desde 
> hace tiempo.
> Ahora se pueden verificar las respuestas de DNS configurando la clave 
> para .arpa en su servidor de nombres y a partir de julio, cuando se 
> firme también la raíz del DNS (el dominio ".") se podrá seguir la 
> cadena de verificaciones desde ahí.
> 
> Posteriormente imagino que los RIRs irán firmando sus zonas bajo in- 
> addr.arpa e ip6.arpa y asi hasta llegar hasta los usuarios del espacio 
> de direcciones que mantienen su propio DNS inverso
> 
> Saludos
> Joao
> 
> On 22 Mar 2010, at 17:26, Nicolás Ruiz wrote:
> 
> > Podría alguien más familiarizado con todo este proceso comentar un 
> > poco sobre esto? Yo en particular estoy bien crudo, pero no sé por 
> > donde comenzar.
> >
> > nicolás
> >
> > Joe Abley wrote:
> >> Colleagues,
> >> This is a follow-up to the operational announcement regarding 
> >> changes to the ARPA top-level domain that was sent on 2010-03-10. 
> >> Apologies in advance for duplicates received through different 
> >> mailing lists.
> >> As of 2010-03-17 1630 UTC all the authoritative servers for ARPA 
> >> are serving a signed ARPA zone.
> >> We would like to solicit feedback from the technical community to 
> >> allow us to identify any operational ill-effects that this change 
> >> has caused. We will monitor this mailing list for feedback, and I 
> >> will also distribute any feedback sent to me personally so that it 
> >> can be considered.
> >> If no harmful effects have been identified by 2010-03-21 the trust 
> >> anchor for the ARPA zone will be published through the IANA ITAR at 
> >> <https://itar.iana.org/>.
> >> Regards,
> >> Joe
> >> Begin forwarded message:
> >>> From: Joe Abley <joe.abley en icann.org>
> >>> Date: 10 March 2010 16:13:46 EST
> >>> To: Joe Abley <joe.abley en icann.org>
> >>> Subject: Signing of the ARPA zone
> >>>
> >>> Colleagues,
> >>>
> >>> This is a technical, operational announcement regarding changes to 
> >>> the ARPA top-level domain. Apologies in advance for duplicates 
> >>> received through different mailing lists.
> >>>
> >>> No specific action is requested of operators. This message is for 
> >>> your information only.
> >>>
> >>> The ARPA zone is about to be signed using DNSSEC. The technical 
> >>> parameters by which ARPA will be signed are as follows:
> >>>
> >>> KSK Algorithm and Size: 2048 bit RSA
> >>> KSK Rollover: every 2-5 years, scheduled rollover to follow RFC 5011
> >>> KSK Signature Algorithm: SHA-256
> >>> Validity period for signatures made with KSK: 15 days; new 
> >>> signatures published every 10 days
> >>> ZSK Algorithm and Size: 1024 bit RSA
> >>> ZSK Rollover: every 3 months
> >>> ZSK Signature Algorithm: SHA-256
> >>> Authenticated proof of non-existence: NSEC
> >>> Validity period for signatures made with ZSK: 7 days; zone 
> >>> generated and re-signed twice per day
> >>>
> >>> The twelve root server operators [1] will begin to serve a signed 
> >>> ARPA zone instead of the (current) unsigned ARPA zone during a 
> >>> maintenance window which will open at 2010-03-15 0001 UTC and 
> >>> close at 2010-03-17 2359 UTC. Individual root server operators 
> >>> will carry out their maintenance at times within that window 
> >>> according to their own operational preference.
> >>>
> >>> The trust anchor for the ARPA zone will be published in the ITAR 
> >>> [2], and in the root zone in the form of a DS record once the root 
> >>> zone is signed.
> >>>
> >>> If you have any concerns or require further information, please 
> >>> let me know.
> >>>
> >>> Regards,
> >>>
> >>>
> >>> Joe Abley
> >>> Director DNS Operations, ICANN
> >>>
> >>> [1] <http://www.root-servers.org/>
> >>> [2] <https://itar.iana.org/>
> >> _______________________________________________
> >> LACNOG mailing list
> >> LACNOG en lacnic.net
> >> https://mail.lacnic.net/mailman/listinfo/lacnog
> >
> > _______________________________________________
> > LACNOG mailing list
> > LACNOG en lacnic.net
> > https://mail.lacnic.net/mailman/listinfo/lacnog
> 
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
 		 	   		  
_________________________________________________________________
Prefiero un día sin coche que sin Messenger
www.vivirmessenger.com
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20100323/e1de90f4/attachment.html>

Más información sobre la lista de distribución LACNOG